Date: Thu, 14 Sep 2000 14:49:18 +0100
From: Christi Alice Scarborough <christi.scarborough@futuretv.com>

Thanks very much to everyone who helped out with this - I now have a
working system.  For reference, this is how I got PAM authentication from a
standard UNIX password database with Eudora 4.3 clients to work on a Debian 2.2
(Intel) system. This configuration assumes that you are using standard UNIX
crypt passwords; pam-pwdfile is NOT compatible with MD5 encrypted passwords.

1) Installed the following packages from the Debian unstable tree
exim_3.16-3.deb  eximon_3.16-3.deb  libpcre3_3.3-2.deb

2) Installed the following stable package
libpam-pwdfile_0.1-1.deb

3) Added the following authentication section to exim.conf

login:
   driver = plaintext
   public_name = LOGIN
   server_condition = "${if pam{$1:$2}{1}{0}}"
   server_prompts = "Username:: : Password::"
   server_set_id = $1

4) Added the following line to the first Exim configuration section

host_auth_accept_relay = * 

5) Created /etc/pam.d/exim with contents as follows

auth     required       pam_pwdfile.so pwdfile /etc/exim.passwd 
account  required       pam_pwdb.so 

6) Run the following script from crontab to keep the exim password
file synchronised with our shadow password file.  (Logins to this 
machine are firewalled off.  If you want to allow local logins, 
you might want to use a completely seperate password file for 
security reasons.)

#!/bin/sh
# 
# This script copies the shadow password file to exim.passwd and sets
# permissions so that exim can read it for pam-pwdfile authentication

cp /etc/shadow /etc/exim.passwd.temp
chmod 600 /etc/exim.passwd.temp
chown mail:mail /etc/exim.passwd.temp
mv /etc/exim.passwd.temp /etc/exim.passwd